CVE-2023-7317
Published: 30 October 2025
Description
Adversaries may abuse Unix shell commands and scripts for execution.
Security Summary
CVE-2023-7317 is a missing access control vulnerability (CWE-862) affecting the Web SSH Terminal in Nagios XI versions prior to 2024R1. This flaw allows insufficient authorization checks, enabling unauthorized access to the terminal interface. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts.
A remote attacker with low privileges (PR:L) can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation grants access to or interaction with the Web SSH Terminal, potentially allowing unauthorized command execution on the host system or disclosure of sensitive information.
Vendor advisories, including the Nagios XI changelog and security page, recommend upgrading to Nagios XI 2024R1 or later to mitigate the issue. Additional details are available in the referenced advisories from Nagios and VulnCheck.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a missing access control in a public-facing web application (Nagios XI Web SSH Terminal), enabling exploitation for unauthorized remote command execution via Unix shell (T1190, T1059.004).